1. Field
Embodiments of this invention relate to the field of cryptography.
2. Background
Adoption of public key cryptography has been tremendously limited by the “key management problem” that is, the problem of allowing users to reliably identify the public keys of their intended communication partners. One approach used to address this problem is to construct a Public Key Infrastructure (PKI). This approach designates one or more trusted public keys known by the members of the PKI. The computer system that has the trusted public keys can sign digital certificates containing the public keys of users and devices in the PKI. This process authenticates the public keys of the PKI members.
The primary difficulty addressed by PKI is the problem of key management and distribution. That is, of deciding how to get authenticated copies of particular individuals' or devices' public keys to those individuals and devices that need to rely on these keys. A PKI is a system of well-known trusted public keys, possibly hierarchically organized. In PKI the owner of a trusted key is usually termed a “Certification Authority”, or CA. Those trusted keys are used to authenticate the keys of other members (users and devices) in the PKI by signing the keys for the members, thus creating a “digital certificate”. Such a certificate typically uses this trusted signature to link a public key to information indicating who owns the key (an identity certificate), or what the key is allowed to be used for (an attribute certificate), or at very minimum, just that the bearer of the corresponding private key is a valid member of this particular PKI or other trust system.
Such a PKI simplifies the key management problem, as the number of keys that must be exchanged a priori goes from many down to the number of the trusted public keys. As long as the information contained in a member's certificate is sufficient to indicate to the verifier of that certificate that they are communicating with their intended party, the signature on that certificate is enough to let them know that the public key contained therein belongs to a trusted entity.
Unfortunately, creation and management of PKIs, as well as distribution of certificates, has turned out to be incredibly difficult and complex. Even establishment of small special-purpose PKIs to support the use of public key cryptography for one application within one organization is generally considered to be too expensive and difficult. One reason for this is that the available software is complicated, expensive, and requires deep knowledge of standards and cryptography to be configured to be effective. As a result, in spite of the fact that the use of public key cryptography can dramatically increase the security of many communications protocols (as compared, for example, to password-based alternatives), protocol designers are forced to move to less secure alternatives that do not require the “burden” of PKI establishment. Similarly, this cost of setting up a PKI keeps individuals from considering larger-scale use of public key cryptography in embedded devices (e.g. cell phones, printers, etc), as each of these devices would have to be “provisioned” with a certificate before use.
Furthermore, the key management and distribution problem described above in the PKI context exists with any secure credential infrastructure that has a credential issuing authority to issue credentials.
A derivative problem exists for wireless networks. These networks have proved notoriously difficult for even knowledgeable corporate IT departments to configure securely. This has led to many deployed networks exposing information and network resources to strangers thus, leaving client machines vulnerable to attack. While standards bodies have begun to specify technologies capable of securing these networks, these new security technologies are complex, and even more difficult to configure and manage than the existing technologies. In many environments (for example home or small business wireless networks), it will be difficult, if not impossible, for network users to effectively configure and manage these networks to make them secure (many current wireless users find that 802.11b WEP is difficult to configure).
The standards body responsible for improving the security of the 802.11 standard are adapting the 802.1x standard for use on 802.11 networks.
In 802.1X's most secure configuration, clients and authentication servers authenticate each other and secure their communications using Transport Layer Security (TLS), which requires both the client and server to have a digital certificate with which they authenticate to each other. To distribute such certificates requires the deployment of a PKI (or other secure credential infrastructure) and the installation of a unique client certificate on each network client. This is a notoriously difficult task and subject to incorrect configurations that can leave clients vulnerable to rogue machines who can gain access to the shared wireless medium; those rogue machines can then use those vulnerable (but authenticated) clients as a base from which to attack the corporate LAN. Again, in situations where this approach is successful, it is either difficult to configure and manage, expensive, or totally out of the reach of small network users.
Similar problems also exist for simple wired networks. For example, if providing static IP addresses or adding a computer to a domain, currently an employee often must have their computer configured by an IT professional responsible for maintaining the addresses.
Another problem exists in the medical field. Security for patient data in the hospital setting has always been important, but with the advent of new HIPAA guidelines, it has become legally mandatory. At the same time, sensors or devices that gather patient data must be highly usable by a community of doctors and nurses who may not be experts in computer technology.
Today, nurses' assistants manually measure and record temperature and blood pressure. These measurements are available through a physical chart, providing no ability for graphing of data over time, etc. There are some facilities for automatic monitoring of patients (e.g. EKG machines), which can be connected to alarm facilities at nurses stations, but these facilities are expensive, and don't allow the integration of arbitrary sensors, and they all require the use of cables, wires or tubes between the sensor and the patients. These cables, wires and tubes cause significant room clutter and are a trip and snag danger to the patient and the medical staff.
Some companies are beginning to commoditize the automation of patient monitoring by attaching wireless sensors to patients The patent data can be transmitted over an 802.11, other wireless, or wired network to a patient database. Such a system, however, requires securing of the links between the sensors and the patient database. This security must not only prevent eavesdropping by arbitrary attackers, but in order to comply with HIPAA, must enforce access control between legitimate members of the hospital community. There are no good solutions on the market for this problem, and traditional approaches, such as passwords, do not translate well to embedded devices such as sensors.
In yet another situation, patients using sensors at home face similar problems with securing data transmission to their doctors (or even configuring the monitoring devices to appropriately communicate data to their doctors). Some sensor devices use phone-based data transmission to handle both getting the data to the right place, and limiting access to the data in transit. However, the use of wireless sensors and the use of the internet or cellular phone networks to transmit such data is expected to increase as will the need to keep the data secure.
Turning to yet another problem, today, Emergency Operations Centers (EOC) communicate with the public largely using broadcast and telephony media. During an emergency EOC can use computer assisted dedicated switching systems to program specific messages for either the entire citizenry or a subset of those people who can be reached (for example, by specifying a location, type of building, or area of affect). The computer system in turn generates an automatic message that is played when a telephone is answered. The computer system then initiates calls to the targeted citizenry. The EOC can also communicate with the public by requesting that television and radio stations broadcast informational announcements. EOC commanders recognize that neither approach reaches all members of the public. In addition, the telephone calling system is easy for criminals to abuse.
It would be advantageous to provide a simpler way to create a secure credential infrastructure such as a PKI. It would also be advantageous to simplify the configuration (including the security aspects) of wireless access points (WAP) as well as simplifying the process of configuring a network even for wired networks. Furthermore, it would be advantageous to simplify the provisioning of sensors that provide data that needs to be secure. It would be still further advantageous to provide a secure means for providing public service notices.